Vulnerability Description
Absolute path traversal vulnerability in the 3D Graph ActiveX control in cw3dgrph.ocx in National Instruments LabWindows/CVI 2012 SP1 and earlier, LabVIEW 2012 SP1 and earlier, and other products allows remote attackers to create and execute arbitrary files via a full pathname in an argument to the ExportStyle method, in conjunction with file content in the (1) Caption or (2) FormatString property value.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ni | Labview | <= 2012 |
| Ni | Labwindows | <= 2012 |
| Ni | Measurementstudio | <= 2013 |
| Ni | Teststand | <= 2012 |
Related Weaknesses (CWE)
References
- http://digital.ni.com/public.nsf/allkb/782E4F31442D833186257BD3004AEB47?OpenDocu
- http://digital.ni.com/public.nsf/websearch/507DEC9DA57A708186257B3600512623?OpenPatchVendor Advisory
- http://digital.ni.com/public.nsf/websearch/C4619A438F7E78E486257B360050BD7D?OpenVendor Advisory
- http://digital.ni.com/public.nsf/allkb/782E4F31442D833186257BD3004AEB47?OpenDocu
- http://digital.ni.com/public.nsf/websearch/507DEC9DA57A708186257B3600512623?OpenPatchVendor Advisory
- http://digital.ni.com/public.nsf/websearch/C4619A438F7E78E486257B360050BD7D?OpenVendor Advisory
FAQ
What is CVE-2013-5022?
CVE-2013-5022 is a vulnerability with a CVSS score of 10.0 (HIGH). Absolute path traversal vulnerability in the 3D Graph ActiveX control in cw3dgrph.ocx in National Instruments LabWindows/CVI 2012 SP1 and earlier, LabVIEW 2012 SP1 and earlier, and other products allo...
How severe is CVE-2013-5022?
CVE-2013-5022 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-5022?
Check the references section above for vendor advisories and patch information. Affected products include: Ni Labview, Ni Labwindows, Ni Measurementstudio, Ni Teststand.